• Resolved vshukla

    (@vshukla)


    Hi.

    It appears that protection in protecting the user name from hackers who try author= has stopped working and I have had different people trying to login to my website in the last 1 hour.

    They managed to find out my user name and I have set the failed login attempt to 1 for the present to protect my website.

    Please help!

    Thanks

    Vatsala

    https://wordpress.org/plugins/wordfence/

Viewing 6 replies - 1 through 6 (of 6 total)
  • I’m looking into this.

    -Brian

    Can we get your domain name so I can look? There are many ways that hackers can get your username. The scan is just one of them. Also please confirm you are using the latest version of Wordfence.

    tim

    Thread Starter vshukla

    (@vshukla)

    Hi. The domain name is karmicallycoaching.com and I am using the latest version of Wordfence.

    I happened to be working on my website at the time but before logging out, I noticed that an IP 37.122.211.118 had tried author= 8 times. I blocked it.

    Just a few minutes later, the attacks started at 8.18 pm Indian Standard Time on Wednesday and continued till 4.03 am Indian Standard Time this morning. The first IP that I saw who tried to log in was 109.104.79.213.

    Fortunately the bot made a small mistake but this is very frightening!

    Other than this incident, I love Wordfence and cannot reiterate how many times this plugin has protected my website.

    Warm regards

    Vatsala

    Just went to your site and tested this. The string essentially does nothing now. It just redirects to the main page, which is what we did intentionally. (My IP tried authors 8, 5, and 1 in case you were looking.) I’m guessing they were able to get the name some other way. I’d make sure your display name is set to something other than your username, that you enabled the option to turn off errors in the login (Wordfence options page, login security) so that invalid usernames don’t show that they are, etc.

    tim
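
    Added example, not part of the original thread and not Wordfence code: a small access-log check for the two patterns discussed above, one address requesting several different `?author=` IDs and one address posting repeatedly to `wp-login.php`. In the thread the scan and the login attempts came from different addresses, so the two are reported separately. The combined log format, the thresholds, the sample lines and the `summarize` name are assumptions.

    ```python
    import re
    from collections import defaultdict
    from urllib.parse import urlsplit, parse_qs

    # Constructed sample access-log lines (combined format, documentation-range IPs).
    SAMPLE_LOG = """\
    203.0.113.7 - - [10/Jun/2015:20:10:01 +0530] "GET /?author=1 HTTP/1.1" 302 0 "-" "bot"
    203.0.113.7 - - [10/Jun/2015:20:10:02 +0530] "GET /?author=2 HTTP/1.1" 302 0 "-" "bot"
    203.0.113.7 - - [10/Jun/2015:20:10:03 +0530] "GET /?author=3 HTTP/1.1" 302 0 "-" "bot"
    198.51.100.9 - - [10/Jun/2015:20:18:40 +0530] "POST /wp-login.php HTTP/1.1" 200 2913 "-" "bot"
    198.51.100.9 - - [10/Jun/2015:20:18:44 +0530] "POST /wp-login.php HTTP/1.1" 200 2913 "-" "bot"
    192.0.2.50 - - [10/Jun/2015:20:20:00 +0530] "GET /?author=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
    192.0.2.50 - - [10/Jun/2015:20:21:00 +0530] "GET /blog/?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
    """

    # client IP, method, request target, status code
    LINE_RE = re.compile(r'^\s*(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


    def summarize(log_text, author_threshold=3, login_threshold=2):
        """Return IPs probing several ?author= IDs and IPs posting repeatedly to wp-login.php."""
        author_ids = defaultdict(set)   # ip -> distinct author IDs requested
        login_posts = defaultdict(int)  # ip -> number of POSTs to wp-login.php
        for line in log_text.splitlines():
            m = LINE_RE.match(line)
            if not m:
                continue  # skip blank or malformed lines
            ip, method, target, _status = m.groups()
            url = urlsplit(target)
            for value in parse_qs(url.query).get("author", []):
                if re.fullmatch(r"[0-9]+", value):
                    author_ids[ip].add(int(value))
            # endswith() also covers WordPress installed in a subdirectory
            if method == "POST" and url.path.endswith("/wp-login.php"):
                login_posts[ip] += 1
        return {
            # a visitor following one author link yields a single ID; a scan yields several
            "author_scanners": {ip: sorted(ids) for ip, ids in author_ids.items()
                                if len(ids) >= author_threshold},
            "login_posters": {ip: n for ip, n in login_posts.items()
                              if n >= login_threshold},
        }


    if __name__ == "__main__":
        print(summarize(SAMPLE_LOG))
    ```
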

    Thread Starter vshukla

    (@vshukla)

    Hi Tim,

    Thanks for looking into this. At least now I know when I was trying to log out once I knew there was an attack going on why I was being taken to my 404 page which also had me concerned.

    My settings have been set up for best practice as per Wordfence and comply with what you have written. The only thing I am wondering is that my security level is set at custom. Do I need to change that?

    There is one setting I can change for instant lockout if the wrong user name is used. I’ll have to understand that a bit better.

    Thanks again,

    Vatsala

    Instant lockout for wrong usernames is good unless you have a lot of users. If you have a lot of users, you run the risk of having to unlock people all the time for typing in the username wrong.

    The security level is custom because you have changed values in it. It's fine the way it is. :))

    tim

  • The topic ‘Has author= stopped working? Under attack’ is closed to new replies.